Complete ADSL Configuration Example
The following example is a complete working configuration example using JUNOS Release 10.0 or later.

This example uses the following settings:

ADSL is the primary WAN interface in the untrust zone.
A 3G is the backup interface, monitoring the primary ADSL (at) interface.
A dialup interface (external modem) is used as a failover.
The at-1/0/0 and pp0.0 interfaces are in the untrust zone.
For pp0.0, point-to-point is configured.
PAP is configured,using the passive option.
The PPPoE underlying-interface and client options are configured.
All Ethernet ports are in a single VLAN group with a DHCP server providing service.
A default route to the DSL interface is configured.
Source NAT is enabled.
system {
host-name SRX210;
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
dhcp {
domain-name example.net;
router {
192.168.0.1;
}
pool 192.168.0.0/24 {
address-range low 192.168.0.100 high 192.168.0.199;

}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url Guests cannot see links in the messages. Please register to forum by clicking href="member.php?action=register">here to see links.
}
}
}
interfaces {
interface-range interfaces-trust {
member ge-0/0/0;
member ge-0/0/1;
member fe-0/0/2;
member fe-0/0/3;
member fe-0/0/4;
member fe-0/0/5;
member fe-0/0/6;
member fe-0/0/7;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
cl-0/0/8 {
traceoptions {
flag all;
}
modem-options {
init-command-string "AT&C1";
}
dialer-options {
pool 1 priority 23;
}
}
dl0 {
unit 0 {
family inet {
negotiate-address;
}
dialer-options {
pool 1;
dial-string 1234;
}
}
}
at-1/0/0 {
encapsulation ethernet-over-atm;
atm-options {
vpi 0;
}
dsl-options {
operating-mode auto;
}
unit 0 {
encapsulation ppp-over-ether-over-atm-llc;
vci 0.35;
backup-options {
interface dl0.0;
}
}
}
pp0 {
traceoptions {
flag all;
}
unit 0 {
point-to-point;
ppp-options {
pap {
default-password "$9$/Gav9u1RhrG395RNds2UDCtu1hr"; ## SECRET-DATA
local-name "jsmith@example.net";
local-password "$9$hWLceWLxdwgJWLHYDqzFSreWxd"; ## SECRET-DATA
passive;
}
}
pppoe-options {
underlying-interface at-1/0/0.0;
client;
}
no-keepalives;
family inet {
negotiate-address;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.0.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop pp0.0 metric 0;
route 0.0.0.0/0 next-hop dl0.0;
}
}
security {
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
at-1/0/0.0;
pp0.0;
dl0.0;
}
}
}
policies {
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}
poe {
interface all;
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}

Detaylı Bilgi İçin:

Guests cannot see links in the messages. Please register to forum by clicking href="member.php?action=register">here to see links.